Securing Integration to DX Operational Intelligence with New Service Account


In today’s large, complex and hybrid IT landscapes, data security is one of the foremost concerns for IT leaders. At the same time, an equally important objective is to make the experience seamless for internal users, for better adoption and efficiency. As a result, federated login has become the preferred choice among many enterprises, giving internal users a single point of access to the disparate systems that they use, manage or monitor.

To securely and seamlessly integrate DX Operational Intelligence with any SaaS or on-premises products within your SSO-enabled environments, DX Operational Intelligence now comes with a built-in Service Account.

A Service Account is an API-only account, created at the time of tenant provisioning, which enables DX Operational Intelligence users to:

  • Ingest monitoring data such as alarms, metrics, etc. from third party data sources using DX RESTMon
  • Integrate with on-premises applications for Ticket Management or Alarm Notifications using DX Gateway
  • Interact with DX Operational Intelligence APIs to perform operations such as importing services, retrieving policies, etc.

The Service Account is local to DX Operational Intelligence. Creating a new user in the IdP or Active Directory is not required.

Only one such account can be created per tenant. Only an Admin user (with the Tenant Administrator role) can manage the lifecycle of the Service Account.

Getting Started

This feature is currently available only on DX SaaS and can be enabled in the following ways:

  • For new DX SaaS tenants provisioned after Dec 2020: “SERVICE-ACCOUNT-USER” is available by default
  • Existing DX SaaS (using Basic Auth): Tenant Admins can manually create the “SERVICE-ACCOUNT-USER” user and set its password
  • Existing DX SaaS (using SAML): Please raise a Broadcom Support ticket for user creation

Configuring

To check whether SERVICE-ACCOUNT-USER is available, or to activate the user, navigate to Launchpad >> Settings >> Users and search for the user.

By default, the account status is Inactive.

Click the username and activate the user account.

The Service Account works independently of the authentication type. This means that the steps to start using this account are the same in both cases. The steps for a tenant with Auth Type set to Local also remain the same.

Once created, the user cannot be deleted, but it can be inactivated or activated as required.

Tenant Admins can:

  1. Change Firstname/Lastname
  2. Change email address
  3. Reset Password

When a password reset is requested, an email is sent to the configured mail address to set the new password.

A SERVICE-ACCOUNT-USER is solely meant for integration and cannot be used to log in to DX SaaS.

Using

To start using the service account for integration, go to the VM where DX Gateway is downloaded and installed. If you haven’t downloaded DX Gateway yet, you can download it from DX SaaS >> Launchpad >> Settings >> Downloads.

On the DX Gateway VM, navigate to the directory where DX Gateway is unzipped, then to the Config directory.

Open the “generic_config” file.

Provide the following inputs in the file:

  • “dxsaas_tenant_id” : Tenant Id/Tenant Name
  • “dxsaas_username” : SERVICE-ACCOUNT-USER
  • “dxsaas_password”: Password for SERVICE-ACCOUNT-USER (in clear text)

Close the “generic_config” file and run the DX Gateway executable.

Once the required DX Gateway component has started, check the generic_config file again. It should look something like this –

Notice that the “keys” fields are now populated with tokens, which means that the Service Account's connection request is authorized and a valid token has been issued. DX Gateway can now be used either to ingest data or to get alarm data from DX SaaS to create notifications or tickets in on-premises applications.
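
Because the steps above place the SERVICE-ACCOUNT-USER password in generic_config in clear text, the following added example (not Broadcom's code) shows a check an administrator could run against that file. It assumes a Linux/Unix Gateway host and that the key names appear literally in the file; the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Broadcom code: audit the DX Gateway generic_config file,
# which holds the service-account password. Assumes a Linux/Unix Gateway host.

# Key names come from the page; the function name is hypothetical.
REQUIRED_KEYS="dxsaas_tenant_id dxsaas_username dxsaas_password"

# Prints one line per finding and returns the number of findings (0 = clean).
audit_gateway_config() {
    cfg=$1
    findings=0
    if [ ! -f "$cfg" ]; then
        echo "FINDING: $cfg not found"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # A file holding a clear-text password should show "------" there.
    group_other=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FINDING: $cfg accessible beyond owner ($group_other); chmod 600 it"
        findings=$((findings + 1))
    fi
    # The three inputs must be present...
    for key in $REQUIRED_KEYS; do
        if ! grep -q "$key" "$cfg"; then
            echo "FINDING: $key missing from $cfg"
            findings=$((findings + 1))
        fi
    done
    # ...and the username must be the built-in service account.
    if ! grep "dxsaas_username" "$cfg" | grep -q "SERVICE-ACCOUNT-USER"; then
        echo "FINDING: dxsaas_username is not SERVICE-ACCOUNT-USER"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample; the real file's syntax may differ, only key names matter.
demo_dir=$(mktemp -d)
sample="$demo_dir/generic_config"
printf '%s\n' \
    '"dxsaas_tenant_id": "EXAMPLE-TENANT"' \
    '"dxsaas_username": "SERVICE-ACCOUNT-USER"' \
    '"dxsaas_password": "constructed-placeholder"' > "$sample"
chmod 644 "$sample"
audit_gateway_config "$sample" || echo "findings before hardening: $?"
chmod 600 "$sample"
audit_gateway_config "$sample" && echo "clean after chmod 600"
rm -rf "$demo_dir"
```

Run the function against the real file path on the Gateway VM after editing the file and again after the Gateway has started, since the file is rewritten when the tokens are added.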
